| 1 |
On Wednesday 20 August 2003 01:25, Patrick Lauer wrote: |
| 2 |
|
| 3 |
> > The problem - indeed - is, that even their latest unstable release |
| 4 |
> > (1.5.6a) doesn't fix the problem and I observe xmule sharply and am |
| 5 |
> > waiting for a fixed release or at least a patch. |
| 6 |
> |
| 7 |
> I recommend masking _all_ versions at the moment and issuing a GLSA. |
| 8 |
> Maybe I'm overreacting, but I do not wish to have my computer rooted |
| 9 |
> :) |
| 10 |
|
| 11 |
I did that, just didn't mention it in my email...if you re-sync you |
| 12 |
should get the new ebuilds + package.mask |
| 13 |
|
| 14 |
> > I added an einfo about the security hole in all the xmule ebuilds |
| 15 |
> > and I hope they release 1.4.4 or something soon (which will |
| 16 |
> > immediatly be arch of course) |
| 17 |
> |
| 18 |
> That's good, but I don't think it's adequate since not everybody |
| 19 |
> reinstalls xmule every day _and_ reads all einfo lines scrolling by. |
| 20 |
|
| 21 |
that einfo is at pkg_postinst() so everbody should see it (at least if |
| 22 |
nothing else is merged immediatly afterwards ;) |
| 23 |
|
| 24 |
-- |
| 25 |
Rainer Groesslinger |
| 26 |
http://dev.gentoo.org/~scandium/ |
Archives